I am creating a certificate path with Java.
It is represented as a CertPath object and then output as a Base64 string.
// certificates that build a chain: rootcert -> intermediatecert -> mycert
X509Certificate rootcert = ...
X509Certificate intermediatecert = ...
X509Certificate mycert = ...
CertPathBuilder cpb = CertPathBuilder.getInstance ("PKIX");
X509CertSelector xcs = new X509CertSelector ();
xcs.setCertificate (mycert);
Set <TrustAnchor> trusts = new HashSet <> ();
trusts.add (new TrustAnchor (rootcert, null));
X509Certificate cc [] = new X509Certificate [1];
cc [0] = intermediatecert;
CertStore cs = CertStore.getInstance ("Collection", new CollectionCertStoreParameters (Arrays.asList (cc)));
PKIXBuilderParameters pbp = new PKIXBuilderParameters (trusts, xcs);
pbp.addCertStore (cs);
pbp.setRevocationEnabled(false);
CertPath certPath = cpb.build (pbp).getCertPath ();
// Base64 encoded string of the certificate chain/path
String b64str = Base64.getMimeEncoder ().encodeToString (certPath.getEncoded ());
System.out.println (b64str);
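If I parse the Base64 string (e.g. by putting it into a file and then running
openssl asn1parse -in myfile
) it represents a sequence of X509 certificates in ASN.1 - as expected - so far, so good.
Now the question is: how can I go the opposite way? From the Base64 string to a CertPath object? I don't see any possible way to initialize a CertPath or CertPathBuilder with a byte array.
Do I need to parse the ASN.1 manually, or is there a corresponding creator/builder?
Many thanks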
@President James K. Polk
I found out that
CertificateFactory cf = CertificateFactory.getInstance ("X.509");
is able to create a CertPath
List <X509Certificate> lst = ...
CertPath cp = cf.generateCertPath (lst); // from list of certs
as well as parse one from a byte array (ASN.1, I think).
ByteArrayInputStream bais = new ByteArrayInputStream (cp.getEncoded ());
cp = cf.generateCertPath (bais); // from ASN.1 bytes
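
The full reverse direction, as an added example that is not part of the original posts: it decodes the Base64 text back into a CertPath and then validates it against a pinned root, because parsing a path alone establishes no trust. The class name and the two file arguments are assumptions for illustration, as is naming the encoding "PkiPath" explicitly (the JDK's default for X.509 CertPath objects).

```java
import java.io.ByteArrayInputStream;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.cert.CertPath;
import java.security.cert.CertPathValidator;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.PKIXCertPathValidatorResult;
import java.security.cert.PKIXParameters;
import java.security.cert.TrustAnchor;
import java.security.cert.X509Certificate;
import java.util.Base64;
import java.util.Collections;

public class CertPathRoundTrip {   // hypothetical class name
    // Turn the Base64 text written by the encoder in the question back into a CertPath.
    static CertPath decode(String b64) throws CertificateException {
        // The MIME decoder ignores the line breaks that getMimeEncoder() inserted.
        byte[] der = Base64.getMimeDecoder().decode(b64);
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        // State the encoding instead of relying on the provider default.
        return cf.generateCertPath(new ByteArrayInputStream(der), "PkiPath");
    }

    // A decoded path is untrusted input: check signatures, validity and chaining to the root.
    static PKIXCertPathValidatorResult validate(CertPath path, X509Certificate root) throws Exception {
        PKIXParameters params = new PKIXParameters(Collections.singleton(new TrustAnchor(root, null)));
        params.setRevocationEnabled(false); // mirrors the question; enable it when CRL/OCSP data is available
        return (PKIXCertPathValidatorResult) CertPathValidator.getInstance("PKIX").validate(path, params);
    }

    public static void main(String[] args) throws Exception {
        // args[0]: file holding the Base64 path, args[1]: trusted root certificate (PEM or DER)
        String b64 = new String(Files.readAllBytes(Paths.get(args[0])), StandardCharsets.US_ASCII);
        X509Certificate root;
        try (InputStream in = Files.newInputStream(Paths.get(args[1]))) {
            root = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(in);
        }
        CertPath path = decode(b64);
        System.out.println("certificates in path: " + path.getCertificates().size());
        validate(path, root); // throws CertPathValidatorException if the chain does not verify
        System.out.println("path validates against the supplied root");
    }
}
```

The root certificate must come from a source you already trust, not from the same channel as the Base64 string.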